C Sample Application Template XML

A sample application template.xml file is shown below:

<application>
<!--
  Names shown for the application and its connector, plus the connector
  version string.
  NOTE(review): disconnected is false in this sample; presumably that means the
  application reaches a live target through the connector. Confirm against the
  product documentation.
-->
<applicationName>Generic UNIX Target</applicationName>
<applicationDisplayName>Generic UNIX Target</applicationDisplayName>
<description>Generic UNIX Target</description>
<connectorDisplayName>Generic UNIX Connector</connectorDisplayName>
<connectorVersion>11.1.1.8.0</connectorVersion>
<disconnected>false</disconnected>
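<!--
  Connection settings for the UNIX target.
  The three secret-bearing fields (loginUserpassword, passphrase,
  rbacRolePassword) are typed GuardedString and flagged encrypted="true";
  keep both attributes when copying or extending this template.
  Attribute names and values that the page extraction had split with runs of
  spaces (for example displayName) are restored here so the listing is
  well-formed XML.
-->
<basicConfigurations>
   <basicConfig name="host" value="" helpText="Enter the UNIX host." dataType="String" required="true" displayName="Host"/>
   <!-- The help text suggests root as the login user. A dedicated non-root
        account combined with sudoAuthorization="true" lets sudoers limit what
        the connector credential can run if it is ever exposed. -->
   <basicConfig name="loginUser" value="" helpText="User name with which to login to the target. Eg. root." dataType="String" required="true" displayName="Login User"/>
   <basicConfig name="loginUserpassword" value="" helpText="Password for the Login User." dataType="GuardedString" required="true" encrypted="true" displayName="Login User Password"/>
   <basicConfig name="loginShellPrompt" value="[#$]" helpText="The shell prompt which is displayed when you login to the target. Eg. $ or #." dataType="String" required="false" displayName="Login Shell Prompt"/>
   <basicConfig name="port" value="22" helpText="Port on which to connect. Eg. 22 for SSH, 23 for Telnet." dataType="int" required="false" displayName="Port"/>
   <basicConfig name="Connector Server Name" value="" helpText="Name of the connector server." required="false" displayName="Connector Server Name"/>
   <!-- TELNET carries the login user name and password unencrypted on the
        network. Keep SSH (the default here) or SSHPUBKEY unless the target
        cannot support either. -->
   <basicConfig name="connectionType" value="SSH" helpText="The connection type to use. SSH, TELNET or SSHPUBKEY (for key based authentication)." dataType="String" required="false" displayName="Connection Type"/>
   <basicConfig name="connectorPrompt" value="#@#" helpText="The prompt which should be used by the connector for its operations. This expression should not be contained in user logins, users attribute values like GECOS etc. Default is #@#." dataType="String" required="false" displayName="Connector Prompt"/>
   <!-- Protects the private key; presumably used with connectionType
        SSHPUBKEY. Confirm against the connector documentation. -->
   <basicConfig name="passphrase" value="" helpText="The passphrase for the private key." dataType="GuardedString" required="false" encrypted="true" displayName="Passphrase"/>
   <basicConfig name="propertyFileName" value="" helpText="The relative path of the Script.properties file specific to the UNIX flavor. The connector uses this to decide which script to use for what operation. Eg. scripts/linux/nonsudo/ScriptProperties.properties. If this is left blank, the connector would try to determine the value for this field." dataType="String" required="false" displayName="Property File Name"/>
   <basicConfig name="rbacAuthorization" value="false" helpText="If RBAC authorization is used for Solaris, it should be true, otherwise false." dataType="boolean" required="false" displayName="RBAC Authorization"/>
   <basicConfig name="rbacRoleName" value="" helpText="Role name in RBAC." dataType="String" required="false" displayName="RBAC Role Name"/>
   <basicConfig name="rbacRolePassword" value="" helpText="RBAC Role Password" dataType="GuardedString" required="false" encrypted="true" displayName="RBAC Role Password"/>
   <basicConfig name="sudoAuthorization" value="false" helpText="If the user required sudo authorization or not. false for root user, true otherwise." dataType="boolean" required="false" displayName="Sudo Authorization"/>
</basicConfigurations>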
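<!--
  Advanced connector settings: bundle identification, prompt and expect
  expressions, input filtering and script-related options.
  Attribute names and values that the page extraction had split with runs of
  spaces are restored here so the listing is well-formed XML.
-->
<advanceConfigurations>
   <advanceConfig name="Connector Name" value="org.identityconnectors.genericunix.GenericUnixConnector" required="false" displayName="Connector Name"/>
   <advanceConfig name="defaultConnectorShell" value="sh" helpText="Default Connector Shell" dataType="String" required="false" displayName="Default Connector Shell"/>
   <advanceConfig name="Bundle Name" value="org.identityconnectors.genericunix" required="false" displayName="Bundle Name"/>
   <advanceConfig name="Bundle Version" value="1.0.1" required="false" displayName="Bundle Version"/>
   <advanceConfig name="targetDateFormat" value="MM/dd/yy" helpText="The date format expected by the target when specifying the Expire Date attribute." dataType="String" required="false" displayName="Target Date Format"/>
   <!-- Allow-list of characters accepted in field values. The values are
        presumably handed to shell scripts on the target, so widening this
        character class to admit shell metacharacters weakens the filter.
        Per the help text it is not applied to GECOS, so that field needs its
        own validation upstream. -->
   <advanceConfig name="whitelistRegex" value="[A-Za-z0-9_//]*" helpText="The list of acceptable characters in field values. This property is a regex. Note: it does not apply to the GECOS (comments field). Default is [A-Za-z0-9_//]*." dataType="String" required="false" displayName="Whitelist Regex"/>
   <advanceConfig name="sudoPasswdExpectExpression" value="password:" helpText="The password prompt displayed when running a command in sudo mode. Default value is password." dataType="String" required="false" displayName="Sudo Passwd Expect Expression"/>
   <advanceConfig name="rbacRoleExpectExpressions" value="password:,[$#]" helpText="The password expression displayed when switching to the RBAC role and the expected shell prompt separated by comma. Eg. password,#." dataType="String" required="false" displayName="RBAC Role Expect Expressions"/>
   <!-- 10000000 ms is about 2.8 hours, so a hung command can hold its session
        that long. NOTE(review): confirm this default suits the deployment. -->
   <advanceConfig name="commandTimeout" value="10000000" helpText="The command timeout value in milliseconds." dataType="int" required="false" displayName="Command Timeout"/>
   <!-- Properties made available to the scripts. No credential field
        (loginUserpassword, passphrase, rbacRolePassword) is listed; keep it
        that way when extending the list. -->
   <advanceConfig name="configPropertiesOnScripts" value="moveHomeDirContents,shadow,defaultHomeBaseDir,defaultPriGroup,defaultShell,nisPwdDir,nisBuildDirectory,removeHomeDirContents,forceDeleteUserHome,syncToken,mirrorFilesLocation,connectorPrompt" helpText="The properties whose value if provided, would be available in the scripts." dataType="String" required="false" displayName="Config Properties On Scripts"/>
   <!-- Per the help text this directory holds copies of /etc/passwd and the
        shadow file. The shadow copy contains password hashes: restrict the
        directory to the account the connector runs as and treat it with the
        same care as /etc/shadow. -->
   <advanceConfig name="mirrorFilesLocation" value="/etc/connector_mirror_files" helpText="The directory where the connector can create copies of the /etc/passwd and shadow files. Default is /etc/connector_mirror_files." dataType="String" required="false" displayName="Mirror Files Location"/>
   <advanceConfig name="passwordExpectExpressions" value="new[\s](unix[\s])?password:,new[\s](unix[\s])?password([\s]again)?:" helpText="The expressions displayed on the target when setting the users password. Eg. If the expressions displayed on running the passwd command are: Enter password: and Re-enter password:, then the value for this field can be enter password,re-enter password. Note: a regex can be provided here and the two expressions should be comma separated." dataType="String" required="false" displayName=" Password Expect Expressions"/>
   <advanceConfig name="supportedLanguage" value="Bourne" helpText="The supported language for ScriptOnResource opertation. Default is Bourne." dataType="String" required="false" displayName="Supported Language"/>
   <!-- Only relevant when connectionType is TELNET, which sends these
        credentials unencrypted. -->
   <advanceConfig name="telnetAuthenticationPrompts" value="login: ,Password:" helpText="The authentication prompts displayed when doing telnet login. The prompts for user name and password should be provided as comma separated values. Eg. login,password." dataType="String" required="false" displayName="Telnet Authentication Prompts"/>
   <advanceConfig name="moveHomeDirContents" value="true" helpText="Specifies whether the old home directory contents should be moved to the new directory location when changing the Home Directory. Possible values are true or false. Default is true." dataType="String" required="false" displayName="Move Home Dir Contents"/>
   <!-- Private key material, unlike the passphrase, carries no GuardedString
        or encrypted flag in this sample. NOTE(review): confirm how the loaded
        key is stored and who can read it. -->
   <advanceConfig name="privateKey[LOADFROMURL]" value="" required="false" displayName="Private Key"/>
</advanceConfigurations>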
 <objectClass name="User">
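   <provisioningConfig>
     <accountName>User Login</accountName>
     <!-- No validation script is supplied in the sample. -->
     <validationScript>
     </validationScript>
     <!--
       Groovy transformation run during provisioning. It only acts when a
       "context" binding exists and the operation type is "create":
         POLICY          User_Login and Password are always taken from the
                         beneficiary.
         REQUEST, ADMIN  User_Login and Password are taken from the beneficiary
                         only when the submitted value is null or empty.
       The script copies the beneficiary password to the target account, so
       any logging added here must never print Password.
       The start tag below was missing its closing ">" in the extracted page;
       it is restored so the element is well-formed.
     -->
     <transformationScript>
       def getBeneficiaryAttrFromContext(attrName) {
           if (context.beneficiary != null) {
               return context.beneficiary.getAttribute(attrName);
           }
           return null;
       }

       def getBeneficiaryPwdFromContext() {
           return context.beneficiaryPassword;
       }

       if (binding.variables != null) {
           if (binding.variables.containsKey("context")) {
               if (context.operationType != null) {
                   if (context.operationType.equalsIgnoreCase("create")) {
                       if (context.provisionMechanism != null) {
                           if (context.provisionMechanism.equalsIgnoreCase("POLICY")) {
                               User_Login = getBeneficiaryAttrFromContext("User Login");
                               Password = getBeneficiaryPwdFromContext();
                           } else if (context.provisionMechanism.equalsIgnoreCase("REQUEST") || context.provisionMechanism.equalsIgnoreCase("ADMIN")) {
                               if (User_Login == null || User_Login == "") {
                                   User_Login = getBeneficiaryAttrFromContext("User Login");
                               }

                               if (Password == null || Password == "") {
                                   Password = getBeneficiaryPwdFromContext();
                               }
                           }
                       }
                   }
               }
           }
       }
     </transformationScript>
     <!--
       Operations enabled for the User object class. The actionScript entries
       are empty Before/After slots in this sample. NOTE(review): target is
       "Connector", so a script placed here presumably runs as shell on the
       connector side around the operation; review such scripts as privileged
       code.
     -->
     <capabilities>
       <capability actionName="disable" enabled="true"/>
       <capability actionName="delete" enabled="true">
         <actionScripts>
           <actionScript language="Shell" triggerTime="Before" target="Connector"/>
           <actionScript language="Shell" triggerTime="After" target="Connector"/>
         </actionScripts>
       </capability>
       <capability actionName="enable" enabled="true"/>
       <capability actionName="create" enabled="true">
         <actionScripts>
           <actionScript language="Shell" triggerTime="Before" target="Connector"/>
           <actionScript language="Shell" triggerTime="After" target="Connector"/>
         </actionScripts>
       </capability>
       <capability actionName="update" enabled="true">
         <actionScripts>
           <actionScript language="Shell" triggerTime="Before" target="Connector"/>
           <actionScript language="Shell" triggerTime="After" target="Connector"/>
         </actionScripts>
       </capability>
     </capabilities>
   </provisioningConfig>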
    <!--
      Reconciliation setup for the User object class: two lookup jobs
      (primary group, user shell), a full and an incremental user job, the
      correlation rule and the responses per reconciliation situation.
    -->
    <reconConfig>
      <reconJobDetails>
        <jobDetail jobName="UNIX User Primary Group Lookup Reconciliation" mode="Entitlement">
          <parametersList>
            <parameter name="Application Name" value="" dataType="String" helpText="Application Name"/>
            <parameter name="Code Key Attribute" value="__NAME__" dataType="String" helpText="Code Key Attribute"/>
            <parameter name="Decode Attribute" value="__NAME__" dataType="String" helpText="Decode Attribute"/>
            <parameter name="Lookup Name" value="Lookup.UNIX.PrimaryGroup" dataType="String" helpText="Lookup Name"/>
            <parameter name="Object Type" value="Group" dataType="String" helpText="Object Type"/>
          </parametersList>
        </jobDetail>
        <jobDetail jobName="UNIX User Shell Lookup Reconciliation" mode="Entitlement">
          <parametersList>
            <parameter name="Application Name" value="" dataType="String" helpText="Application Name"/>
            <parameter name="Code Key Attribute" value="__NAME__" dataType="String" helpText="Code Key Attribute"/>
            <parameter name="Decode Attribute" value="__NAME__" dataType="String" helpText="Decode Attribute"/>
            <parameter name="Lookup Name" value="Lookup.UNIX.UserShell" dataType="String" helpText="Lookup Name"/>
            <parameter name="Object Type" value="__SHELLS__" dataType="String" helpText="Object Type"/>
          </parametersList>
        </jobDetail>
        <jobDetail jobName="UNIX Target Resource Full User Reconciliation" mode="Full">
          <parametersList>
            <parameter name="Application Name" value="" dataType="String" helpText="Application Name"/>
            <parameter name="Batch Size" value="0" dataType="String" helpText="Batch Size"/>
            <parameter name="Batch start index" value="0" dataType="String" helpText="Batch start index"/>
            <parameter name="Filter" value="" dataType="String" helpText="Filter"/>
            <parameter name="No. of Batches" value="0" dataType="String" helpText="No. of Batches"/>
            <parameter name="Object Type" value="User" dataType="String" helpText="Object Type"/>
          </parametersList>
        </jobDetail>
        <jobDetail jobName="UNIX Target Incremental Resource User Reconciliation" mode="Incremental">
          <parametersList>
            <parameter name="Application Name" value="" dataType="String" helpText="Application Name"/>
            <parameter name="Batch Size" value="0" dataType="String" helpText="Batch Size"/>
            <parameter name="Batch start index" value="0" dataType="String" helpText="Batch start index"/>
            <parameter name="No. of Batches" value="0" dataType="String" helpText="No. of Batches"/>
            <parameter name="Object Type" value="User" dataType="String" helpText="Object Type"/>
            <parameter name="Scheduled Task Name" value="UNIX Target Incremental Resource User Reconciliation" dataType="String" helpText="Scheduled Task Name"/>
            <parameter name="Sync Token" value="" dataType="String" helpText="Sync Token"/>
          </parametersList>
        </jobDetail>
      </reconJobDetails>
      <!-- A target account is correlated to an identity when its __NAME__
           equals the identity's User Login, with no transformation. -->
      <identityCorrelationRule ruleOperator="AND">
        <ruleElement targetAttribute="__NAME__" userAttribute="User Login" elementOperator="Equals" transformName="NONE"/>
      </identityCorrelationRule>
      <!-- A single match is linked automatically. Accounts with no match get
           the response "None", presumably meaning no automatic action, so
           unmatched (orphan) accounts on the host need a separate review. -->
      <situationResponses>
        <situationResponse situation="No Matches Found" response="None"/>
        <situationResponse situation="One Entity Match Found" response="Establish Link"/>
        <situationResponse situation="One Process Match Found" response="Establish Link"/>
      </situationResponses>
    </reconConfig>
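       <!--
         Account form for the UNIX target, with a nested child form for
         secondary groups. Attribute names and values that the page extraction
         had split with runs of spaces (listOfValues, advanceFlags="DATE",
         advanceFlags="LOOKUP") are restored so the listing is well-formed XML.
       -->
       <form name="UNIX">
          <schemaAttributes>
              <schemaAttribute name="__NAME__" dataType="String" displayName="User Login" length="32" keyField="true" required="true" fieldType="TextField" reconcileable="true" provisionable="true"/>
              <!-- Password is provisionable but carries no reconcileable flag,
                   and is marked encrypted="true"; keep that flag if the
                   attribute is edited. -->
              <schemaAttribute name="__PASSWORD__" dataType="String" displayName="Password" length="32" fieldType="PasswordField" provisionable="true" encrypted="true"/>
              <!-- GECOS is the field that the whitelistRegex help text says is
                   not filtered, and it accepts up to 250 characters; validate
                   its content before it reaches this form. -->
              <schemaAttribute name="COMMENTS##COMMENTS##" dataType="String" displayName="GECOS" length="250" fieldType="TextField" reconcileable="true" provisionable="true"/>
              <schemaAttribute name="CREATE_HOME_DIR" dataType="String" displayName="Create home directory" length="10" fieldType="ComboBox" reconcileable="true" provisionable="true" listOfValues="Lookup.UNIX.YesNo.Options"/>
              <schemaAttribute name="HOME_DIR" dataType="String" displayName="Home Directory" length="250" fieldType="TextField" reconcileable="true" provisionable="true"/>
              <schemaAttribute name="EXP_DATE##DATE##" dataType="Date" displayName="Expire Date" length="0" fieldType="DateFieldDlg" reconcileable="true" provisionable="true" advanceFlags="DATE"/>
              <schemaAttribute name="INACTIVE" dataType="Int" displayName="Inactive Days" length="10" fieldType="TextField" reconcileable="true" provisionable="true"/>
              <schemaAttribute name="PGROUP" dataType="String" displayName="Primary Group" length="50" fieldType="LookupField" reconcileable="true" provisionable="true" advanceFlags="LOOKUP" listOfValues="Lookup.UNIX.PrimaryGroup"/>
              <schemaAttribute name="USID" dataType="Int" displayName="UID" length="10" fieldType="TextField" reconcileable="true" provisionable="true"/>
              <schemaAttribute name="USER_SHELL" dataType="String" displayName="User Shell" length="250" fieldType="LookupField" reconcileable="true" provisionable="true" advanceFlags="LOOKUP" listOfValues="Lookup.UNIX.UserShell"/>
              <schemaAttribute name="SKEL_DIR" dataType="String" displayName="Skeleton Directory" length="250" fieldType="TextField" provisionable="true"/>
              <schemaAttribute name="__UID__" dataType="String" displayName="ReturnValue" length="100" fieldType="TextField" reconcileable="true" provisionable="true"/>
              <schemaAttribute name="__ENABLE__" dataType="String" displayName="Status" length="0" fieldType="TextField" reconcileable="true"/>
          </schemaAttributes>
          <!-- Secondary groups are entitlements and draw their values from the
               same lookup as the primary group (Lookup.UNIX.PrimaryGroup). -->
          <form name="Secondary Groups">
               <schemaAttributes>
                   <schemaAttribute name="SECONDARYGROUP" dataType="String" displayName="Secondary Group" length="50" keyField="true" fieldType="LookupField" entitlement="true" reconcileable="true" provisionable="true" advanceFlags="LOOKUP" listOfValues="Lookup.UNIX.PrimaryGroup"/>
               </schemaAttributes>
          </form>
       </form>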
      </objectClass>
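     <!--
       Catalog attributes (none in the sample), the organizations the
       application is attached to, and its status.
       Two extraction artefacts are repaired: a stray ">" after the
       catalogAttributes end tag, and the status element, whose end tag had
       been mangled. The attribute spelling "heirarchy" is left as the source
       has it; NOTE(review): presumably that is the name the consumer expects,
       so check the schema before changing it.
     -->
     <catalogAttributes>
     </catalogAttributes>
     <organizations>
         <organization name="Top" heirarchy="true" type="System"/>
     </organizations>
     <status>ACTIVE</status>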
 </application>